Distil Networks has produced their third annual Bad Bot Report. It's the IT Security Industry's most in-depth analysis on the sources, types, and sophistication levels of last year's bot attacks -- and there are serious implications for anyone responsible for securing websites and APIs.

Join Derek Brink, Vice President of Research at Aberdeen Group and Rami Essaid, CEO of Distil Networks as they dive into the data to reveal:

• 6 high-risk lessons every IT security pro must know
• How to quantify the risk and economic impact of bad bots for your organization
• How bot activity varies across websites based on industry and popularity
• The worst offending countries, ISPs, mobile operators, and hosting providers

A cyber incident in a large, complex industrial control system can have serious consequences, and all security technologies have limitations. This means we can always be more secure, or less. How then, should we evaluate security funding requests for industrial sites? How do we know how much is enough?

The abstract, qualitative models that most of us use for cyber threats are poorly understood by business decision-makers, and are not easily compared to risk models for threats such as earthquakes and flu pandemics. We could force-fit cyber risks into more conventional models by "making up" numbers for the probability of serious incidents, but "made up" numbers yield poor business decisions.

Most business leaders though, do understand cyber attack scenarios and their consequences, and find them much more useful than qualitative models or "made-up" probabilities. To communicate industrial cyber risks effectively, an assessment process should distill complex risk information into a small, representative set of high-consequence attack scenarios. Business decision-makers can then "draw a line" through the set, selecting which combinations of attacks, consequences and risks to accept, and which to mitigate or transfer.

Join us to explore using attack scenarios to communicate risks, consequences, and costs to business decision-makers.

Derek Brink, VP of Research at Aberdeen Group & Rami Essaid, CEO of Distil Networks

Distil Networks has produced their third annual Bad Bot Report. It's the IT Security Industry's most in-depth analysis on the sources, types, and sophistication levels of last year's bot attacks -- and there are serious implications for anyone responsible for securing websites and APIs.

Join Derek Brink, Vice President of Research at Aberdeen Group and Rami Essaid, CEO of Distil Networks as they dive into the data to reveal:

• 6 high-risk lessons every IT security pro must know
• How to quantify the risk and economic impact of bad bots for your organization
• How bot activity varies across websites based on industry and popularity
• The worst offending countries, ISPs, mobile operators, and hosting providers

Attackers are moving away from direct assault, and instead are hijacking and exploiting user credentials to thwart security tools, and gain easy access to business data. How can you strike back and stop breaches that attack your users far, far away?

• Stop fighting previous battles – Attackers have moved on to a new, more vulnerable target
• Move Security techniques to a new future – Identity must be the core of security
• Re-angle the deflector shields – Legacy perimeter security isn’t enough

Join Chris Webber, Security Strategist at Centrify, and Eric Hanselman, Chief Analyst at 451 Research, as they discuss todays’ identity-based security risks, and how to arm yourself against them.

It’s often a challenge to address the ICS cyber security conversation in an organization that has yet to suffer a cyber incident. While the issue of defending against traditional IT cyber breaches goes uncontested ICS owner/operators still struggle to align traditional cyber threat vocabulary and remediation methods to their operational environments. Both malicious and unintentional cyber threats are not confined to data breaches and IT systems but they can be harder to identify in ICS environments. You have to know what you’re looking for.

Joe Weiss has amassed a database of more than 700 confirmed control system cyber incidents. The database covers ICS cyber from around the globe. A vast majority incidents were not identified in official reports as being cyber-related but a review of the circumstances surrounding the event proves otherwise.

During this webinar Weiss will discuss:
• Differences between ICS cyber security and traditional IT security
• Summaries of actual ICS cyber incidents from his database
• Recommendations on how to tackle monitoring and protection at your facility

Big data analytics and smarter sensors are just two of many technologies leveraged by many companies enhancing their Industrial Control Systems (ICS) to reap the benefits of the Industrial Internet. However, as you design these smarter and increasingly connected systems, security must be built in from early stages, or else you risk others, with malicious intent, using your systems against you. This session will describe a process for helping you frame your security needs and meet them smartly to be sure that you are efficiently and effectively tackling security “end-to-end” and not leaving any weakest links unprotected as you evolve your ICS to capture the opportunities driving the excitement behind the Industrial Internet.

About the Speaker: Brian Witten is a Senior Director for “Internet of Things” (IoT) at Symantec.

Cloud security is more secure than traditional appliance based solutions, especially in today’s social and mobile world. This is not just our view - this has been corroborated by several external analysts. New research from Forrester Inc., The Necessity of Cloud-Delivered Integrated Security Platforms, targeting 130 IT decision makers at firms with at least $250 million in revenue, identified that:

98% of decision makers acknowledge that integrated platforms deliver better security
Many organizations still have a plethora of legacy point solutions and appliances in their environment
These organizations suffer from significant volumes of security alerts being triggered without effective response mechanisms

Join SecurityWeek and Dan Maier, Sr. Director Product Marketing at Zscaler, for a compelling webcast full of key insights and findings from this research.

As cloud apps like Salesforce, Office 365, Google for Work, and ServiceNow become the norm, organizations need to enable secure access and maintain compliance. They must also bring under management a growing variety of personal devices, including laptops, smartphones, tablets, and wearables that are being used to access business systems and data.

How do you manage user identities and cloud app access in real-time, while keeping sensitive data secure? Join experts from Imperva and Centrify as they share best practices on enabling the safe and productive use of cloud apps.

• Provide secure single sign-on and user-friendly multi-factor authentication (MFA)
• Secure and monitor SaaS access from login to logout
• Detect and block cyber threats such as account takeovers
• Simplify, centralize, and automate access management – across apps and devices
• Leverage leading security offerings and what you need to consider

Register now so you’re ahead of the fast-moving intersection of cloud apps, BYOD, and identity management.

Data breaches continue to be top of mind for organizations large and small. Two key dynamics are making that challenge much harder — the cloud and the growing sophistication of attackers.

In this webinar David Mcneely, VP of Product Strategy at Centrify, explores the modern enterprise — a hybrid organization with infrastructure spread across on-premises data centers as well as hosted in the cloud and one where IT functions are split between internal and 3rd-party administrators. Attend this webinar to learn about:

- Trends impacting data security and increasing identity-related risks
- How to reduce the risk of security breach by minimizing your attack surface
- Best practices for managing and governing privileged identities in the modern enterprise

Cybersecurity has become more than a technical problem. A data breach can have a major impact on your business – loss of jobs and customers, reduced brand reputation, stock price drops and more – with recent research placing the average cost of a breach at $2.7 million dollars. Yet too many organizations continue to drown in low-level threat data and individual response tactics, with security teams pouring through hay stacks that may or may not contain that “needle”.

Join this webcast to learn how to improve the resiliency of your organization’s strategic risk management and business operation. Our panel of expert speakers include a former intelligence analyst, a CISO and a CEO, who will examine the business impact of cyber threats, why the traditional cybersecurity approach no longer applies, and offer tips for:

In this webcast we will look at how to effectively manage Macs in the enterprise as well as mobile devices leveraging your existing IT infrastructure.

The growth of Mac in the enterprise is undeniable. Apple’s success with the iPhone and iPad is bleeding over into end user preference for laptops. Where Macs used to account for only low single digit percentages of devices deployed and were therefore largely ignored, they are now growing across all verticals and industries and represent a significant challenge for IT.

Attend this webinar to find out more on how to align, automate and enforce controls to security and compliance policies – while providing visualization, workflow and reporting critical to improving operational efficiency and reducing audit costs.

In 2015, cloud security, mobile and portable technology/applications (BYOD), data protection, and privacy and regulation will be a top priorities across every industry as businesses look to:

- Reduce the cost and complexity of managing variety of compliance regulations with shrinking budgets
-Manage enterprise and cyber risk with point security solution silos
- Perform continuous monitoring of risk with ever increasing systems and volumes of data
- Become more proactive rather than reactive regarding their IT risk management
- Eliminate costly audit disruptions

How To Avoid Being Tomorrow’s Headline: Mitigating Insider Threats and Breaches

Are your privileged users putting your business at risk? You might be granting your users too much privilege - even unintentionally - and dramatically increasing your potential attack surface. If over-privileged user credentials are compromised - or worse, misused by a disgruntled employee - your data and systems can be put at risk and your sensitive data can be stolen. Making you tomorrow’s headline.

Brad Zehring, Director of Product Management at Centrify, will discuss how insider threats - both seen and unseen - develop and offer approaches you can use to reduce your attack surface and mitigate the threat.

Mobile devices are becoming the preferred platform for online banking, commerce and accessing business applications. In the recent Black Friday to Cyber Monday weekend, mobile devices accounted for 39 percent of online transactions. This increased reliance on mobile is driving an increase in fraud and cybercrime attacks through mobile devices, with organized cybercriminals deploying sophisticated attacks that exploit mobile technology.

Cybersecurity and fraud prevention professionals require defenses specifically designed to protect against losses and exposure from mobile attacks. Attend this webinar to understand how to protect transactions from native mobile applications and browsers in real time, without adding friction to the user experience.

Topics include:
•How authentication from mobile devices differs from laptops and PCs
•Indicators of potential fraud from smartphones and tablets
•What precise geolocation can tell you about a mobile transaction
•Why global shared intelligence is critical to frictionless protection

While awareness over the need for improved cybersecurity in SCADA and Industrial Control Systems (ICS) has improved in recent years, several inaccurate and dangerous assumptions about ICS cybersecurity best practices and the nature of cyber threats still persist. If held by organizations as fact, these myths could result in inadequate cyber-defensive measures and a high level of exposure to a range of attacks or even simple accidental cyber incidents both of which could have equally concerning consequences to process availability and safety.

- Common myths around cyberthreats to ICS and why they could be significant security gaps when held as truth
- Select real-world examples that highlight the consequences when malicious actors successfully exploit these gaps
- The more updated and accurate view to ICS cyberthreats as well as effective technologies which help asset owners build a stronger ICS security posture

Fraud and other forms of cybercrime continue to plague all companies with an online presence, with sophisticated cybercriminals launching attacks on logins, payments, and account origination. Security and fraud prevention professionals are challenged to keep pace with evolving trends and protect against attacks that threaten customers, employees, revenues and data – all without impeding user experience.

Knowing the latest attack trends can help focus your detection and prevention resources to reduce risk and losses. Attend this webinar to learn how to leverage findings in The ThreatMetrix Cybercrime Report, based on actual cybercrime attacks detected during real-time analysis and interdiction of fraudulent account logins, online payments and registrations. This report gathers data from over 850 million monthly transactions, including findings from this year’s Black Friday – Cyber Monday weekend.

Almost half of IT security professionals reported they experienced compromised or misused Secure Shell (SSH) keys in the last 24 months. The majority of the survey respondents rely on overburdened system administrators to self-govern their SSH keys. Unfortunately the result is ineffective security practices that leave the organization exposed.

Forrester Research, analyst, John Kindervag, emphasizes, “Two-thirds of IT security professionals do not perform the necessary checks for unauthorized use of SSH keys.”

In this webinar, you will be provided with some recommendations how to mitigate the vulnerabilities that exist that exploit SSH keys and the gaps within an organization that leaves SSH keys vulnerable to these attacks.

LEARNING OBJECTIVES:
• Review the Forrester Research findings on the state of SSH in the enterprise network
• Learn what strategies need to be implemented to mitigate trust-based attacks
• Understand the risks of not mitigating trust-based attacks

Scott Simkin, Sr. Manager in the Cybersecurity group at Palo Alto Networks.

Advanced Persistent Threats (APTs) are being used to compromise organizations around the globe with increasing sophistication, persistence, and evasive attack methods. Join Palo Alto Networks and SecurityWeek for a webcast with live interactive Q&A that will take you straight to the heart of the cyber underground.

The Heartbleed vulnerability will be talked about for years to come. Well respected cryptographers like Bruce Schneier have stated that “Heartbleed is Catastrophic. On a 1 to 10 scale this is an 11. The attack leaves no trace, and can be done multiple times. This means that anything in memory -- SSL private keys, user keys, anything -- is vulnerable. And you have to assume that it is all compromised. All of it.”

By now most organizations have responded to the Heartbleed vulnerability, the question as to whether or not organizations have indeed fully remediated the vulnerability is still open. The reason for this is that many organizations perform ‘lazy’ certificate rotations, and do not create new keys.
It’s also been proven that the Heartbleed vulnerability impacts mail servers, chat servers, VPN’s, network appliance and client software. Over 50 security vendors have also confirmed that their solutions are vulnerable.

It is paramount that all keys and certificates be replaced within the enterprise network, patching only publicly facing web servers is not sufficient.

LEARNING OBJECTIVES:

• Learn about the impact of the Heartbleed vulnerability has had on organizations
• Review the Venafi remediation report – understanding if enterprise organizations have indeed remediated the Heartbleed vulnerability
• Learn about best practices to mitigate trust-based attacks